Microsoft's .NET Security Promise Challenged
Posted by configure on 28 November 2001 - 08:36 · no comments & 179 views
About the Author
Full name: Unknown
Forum name:
configure
Contact: via forum PM
Submissions: Normal · Headline
Full name: Unknown
Forum name:
configureContact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google
Analysts say that .NET is several years behind Java in providing the kinds of good security practices that Sun has already integrated into its model.
In an apparent reversal of its poor security record of late, Microsoft Corporation (Nasdaq: MSFT) has received a positive review of its .NET platform from two computer security companies.
But Matthew Kovar, an Internet security analyst for the Yankee Group, told NewsFactor Network: "I would state that at the least this is a shallow attempt by Microsoft to sway public opinion about the future of a system that is still not available to hackers to truly test."
Foundstone Inc. and CORE Security Technologies released a joint white paper Monday entitled "Security in the Microsoft .NET Framework," which asserts that "the managed code architecture of the .NET Framework provides a compelling solution to the problem of software application security."
The report went on to say that the .NET Framework offers software developers and IT administrators "granular security control" by offering them clear-cut ways in which to implement robust cryptographic, authentication, and authorization practices while plugging holes caused by buffer overflows.
Moreover, the white paper said that IT administrators and software developers would relieve end users of having to make crucial security judgments when the framework is used.